Atty. Docket No.: 3269/(
Mail No. EL 595664063 US

WHAT IS CLAIMED IS:

1. A method for authorizing execution of requested actions transmitted between 
clients and servers of a data processing system, the method comprising: 

receiving a first message including a set of actions and a second message including user- 
requested actions and inputs; 

simulating execution of the set of actions and building a list of allowable actions and 
user-definable inputs to the allowable actions; 

comparing the list of allowable actions and user-definable inputs to the user-requested 
actions and inputs; and 

where the list of allowable actions and user-definable inputs includes the user-requested 
actions and inputs, authorizing execution of the user-requested actions. 

2. The method as set forth in claim 1, wherein the step of simulating comprises 
identifying all possible actions and inputs to the possible actions resulting from an execution of 
the set of actions at a client. 

3. The method as set forth in claim 1, wherein the step of simulating comprises 
invoking and triggering each command, field, user-selectable input option and HTTP request 
within the set of actions. 

4. The method as set forth in claim 1, wherein the user-requested actions and inputs
includes actions and inputs provided during a user session performed in response to receipt of the 
first message at a client. 



5. The method as set forth in claim 1, comprising:

during the step of simulating, detecting an input control requesting entry of a data value 
and assigning a unique place holder to represent the data value; and 

during the step of comparing, matching a pattern of the unique place holder to the input 
received from the user. 

6. The method as set forth in claim 1, wherein the step of simulating comprises:

detecting an input control requesting selection of one of a plurality of predefined data
values; and

iteratively selecting one of the plurality of predefined data values and continuing
simulation of the set of actions and building of the list of allowable actions and user-definable
inputs with the selected one data value until each of the plurality of predefined data values is
selected and listed.



7. The method as set forth in claim 1, comprising: 

prior to the step of simulating, tracing execution of the set of actions at a client; and

during the step of simulating, providing results of the tracing in response to the user- 
selectable inputs. 

8. The method as set forth in claim 1, comprising:

prior to the step of simulating: 

identifying actions within the set of actions of the first message; 

supplementing the first message with actions for tracing input to the identified 
actions; and 

transmitting the supplemented first message to a client; and 
during the step of simulating, providing results of the tracing as user-selectable inputs to 
the identified actions are requested. 



9. The method as set forth in claim 8, wherein the results of the tracing are included 
within the second message. 

10. The method as set forth in claim 8, wherein the results of the tracing are included 
in a third message that is received prior to receipt of the second message. 



11. A security gateway coupled between clients and servers of a data processing 
system, comprising: 

an evaluator for evaluating transmissions between said clients and servers and for 
identifying informational content and application programming logic included within each 
transmission; 

a simulator for simulating a processing environment for executing said application 
programming logic of said transmissions, said simulator including an enumeration engine for 
triggering events and identifying user-definable inputs to said application programming logic, 
said simulator providing a list of allowable actions and user-definable input values to said
actions; and 

a filter for receiving transmissions including user-requested actions and input, comparing 
said user-requested actions and input to said list of allowable actions and user-definable input
values, and passing through said security gateway transmissions having user-requested actions
and inputs within said list of allowable actions and input values. 

12. The security gateway as set forth in claim 11, comprising a data store, accessible 
by said simulator and said filter, for storing said list of allowable actions and input values. 

13. The security gateway as set forth in claim 11, wherein said simulator comprises a
detector for detecting an input control requesting entry of a data value and for assigning a unique
place holder to represent said data value, and wherein said filter comprises means for matching a
pattern of said unique place holder to said input received from said user.

14. The security gateway as set forth in claim 11, wherein said simulator comprises:

a detector for detecting an input control requesting selection of one of a plurality of 
predefined data values; and 

means for iteratively selecting one of said plurality of predefined data values, continuing 
simulation of said application programming logic, and building of said list of allowable actions
and user-definable inputs with said selected one data value until each of said plurality of 
predefined data values is selected and listed. 

15. The security gateway as set forth in claim 11, wherein said evaluator comprises
means for identifying actions of interest within said application programming logic and for 
tracing inputs to said actions received at a client, and wherein said simulator comprises means 
for receiving results of said tracing and providing said results as user-selectable inputs to said 
identified actions are performed within said simulation. 

16. A method for authorizing execution of requested actions transmitted from a client 
to a server of a client/server data processing system, the method performed by a gateway coupled 
between the client and the server, comprising: 

receiving, from the server, a document including a set of actions; 

simulating execution of the set of actions and building a list of allowable actions and 
user-definable inputs to the allowable actions; 

receiving, from the client, and a message including user-requested actions and inputs; 

comparing the list of allowable actions and user-definable inputs to the user-requested
actions and inputs; and 

where the list of allowable actions and user-definable inputs includes the user-requested 
actions and inputs, transmitting the user-requested actions and inputs to the server for execution. 

17. The method as set forth in claim 16, comprising storing, at the gateway, the list of 
allowable actions and user-definable inputs. 
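
The gateway behaviour recited in claims 1, 5, 6, 11 and 16 is illustrated below for the case where the server document is an HTML form. This is an added example, not code from the application or the applicant; it stands in for "simulating execution" by statically enumerating form controls rather than running script. The names `Simulator`, `build_allow_list` and `authorize`, the `PH` placeholder naming, the maxlength-derived pattern and the sample document are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
# Constructed server document (the "first message"); not taken from the application.
DOC = """<form action="/order">
<input type="hidden" name="price" value="19.99">
<select name="size"><option value="S"><option value="M"><option value="L"></select>
<input type="text" name="note" maxlength="20"></form>"""

class Simulator(HTMLParser):
    """Builds {action: {field: rule}}; rule = set of fixed values or (placeholder, regex)."""
    def __init__(self):
        super().__init__()
        self.allowed, self._form, self._select, self._n = {}, None, None, 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = a.get("name")
        if tag == "form":
            self._form = self.allowed.setdefault(a.get("action", ""), {})
        elif self._form is None or (tag != "option" and not name):
            return
        elif tag == "input" and a.get("type") == "hidden":
            self._form[name] = {a.get("value", "")}  # server-fixed value
        elif tag == "input":
            # Free-form entry: unique placeholder plus assumed pattern (printable, <= maxlength).
            self._n += 1
            pattern = re.compile(r"[^\x00-\x1f]{0,%d}" % int(a.get("maxlength", 64)))
            self._form[name] = (f"PH{self._n}", pattern)
        elif tag == "select":
            self._select = self._form.setdefault(name, set())
        elif tag == "option" and self._select is not None:
            self._select.add(a.get("value", ""))  # each predefined value is listed

    def handle_endtag(self, tag):
        if tag in ("form", "select"):
            setattr(self, "_" + tag, None)

def build_allow_list(document):
    sim = Simulator()
    sim.feed(document)
    return sim.allowed

def authorize(allowed, action, fields):
    # Filter step: the action and every submitted input must be in the list.
    rules = allowed.get(action)
    if rules is None or not set(fields) <= set(rules):
        return False
    return all(v in rules[k] if isinstance(rules[k], set) else bool(rules[k][1].fullmatch(v))
               for k, v in fields.items())
```

A request that changes the hidden `price` value, picks a `size` outside the enumerated options, adds an unlisted field, or targets an action absent from the document is rejected before it reaches the server.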